Legal claims defining the scope of protection, as filed with the USPTO.
1. A device for safeguarding a Linux kernel comprising: a processor; a memory storing instructions to be executed by the processor; applications; a core kernel; a wrapper in communication with the core kernel, the wrapper being object oriented; and a filter in communication with the wrapper and the core kernel, the filter only in indirect communication with all of the applications via the wrapper, the filter being dynamically loadable, the filter further being capable of intercepting function calls prior to the function calls accessing the core kernel.
2. The device of claim 1 further comprising: a syscall table in communication with the filter.
3. The device of claim 1 further comprising: a userspace and a kernelspace.
4. The device of claim 3 wherein the userspace includes an application that issues the function calls.
5. The device of claim 3 wherein the kernelspace includes the wrapper, the filter, and the core kernel.
6. The device of claim 1 wherein the filter is realized as a decorator class.
7. The device of claim 6 wherein a policy is added for each decorator class, each of the policy for each decorator class being capable of determining preconditions.
8. The device of claim 1 wherein the wrapper is capable of issuing a trap to the core kernel when an intercepted function call is unauthorized.
9. A method for securing a Linux kernel based on dynamically loadable message filters comprising the steps of: intercepting, by a message filter, function calls sent from applications located in a userspace; issuing, by a wrapper, a trap to a core kernel when an intercepted function call is unauthorized; dynamically invoking, by a syscall table, a filter function of the filter corresponding to the intercepted function call, the filter being only in indirect communication with all of the applications via the wrapper; triggering, by the message filter, actions according to policy specifications; and calling, by the wrapper, an original kernel function.
November 29, 2016